Compaction of the array with maps happens lazily upon adding new maps.
BUG=
Review URL: https://codereview.chromium.org/1481953002
Cr-Commit-Position: refs/heads/master@{#32717}
- Except 2x applications of ForceSet, where I still need to debug
why the expected replacement doesn't work as expected.
- Ca. 3/4 of the file is covered.
R=jochen@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1516483002
Cr-Commit-Position: refs/heads/master@{#32714}
Adds implementation and tests for CreateObjectLiteral, CreateArrayLiteral and CreateRegExpLiteral
to bytecode graph builder. Also changes these bytecodes to expect three operands instead of using
accumulator to pass one of the operands. This is done to avoid looking into the earlier nodes to
fetch operands in the bytecode graph builder. Also adds support for wide variant of these
bytecodes to bytecode generator and bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1503963002
Cr-Commit-Position: refs/heads/master@{#32710}
This operator now provides a second output which indicates whether the conversion from float64 to uint64 was successful or not. The second output returns 0 if the conversion fails, or something else if the conversion succeeds.
The second output can be ignored, which means that the operator can be used the same as the original operator.
I implement the new operator on x64 and arm64. @v8-mips-ports and @v8-ppc-ports, can you please take care of the mips64 and ppc64 implementation of the second output?
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1507703002
Cr-Commit-Position: refs/heads/master@{#32705}
It's expensive to walk all shared function infos during the gc atomic
pause. Instead, use WeakCells to implement this structure without
manual clearing.
Reland due to a bug when reusing entries in the optimized code map.
BUG=
Review URL: https://codereview.chromium.org/1508703002
Cr-Commit-Position: refs/heads/master@{#32696}
It's cumbersome to maintain IC profiler statistics all the time.
Let's just do it as needed.
BUG=
Review URL: https://codereview.chromium.org/1507903004
Cr-Commit-Position: refs/heads/master@{#32693}
Reconstructing which stdlib object is used within an asm.js
module seems wasteful, given the typer has already checked this.
Preserving this information in a form that can be queried in
the asm-wasm-builder which generating code.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator, test-parsing
R=titzer@chromium.org,marja@chromium.org,aseemgarg@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1508003002
Cr-Commit-Position: refs/heads/master@{#32687}
ECMAScript dates act as if the Gregorian changeover happened at the
beginning of time. This patch fixes up internationalized date
formatting to set that changeover properly, as opposed to the ICU
default which is in the 16th century.
BUG=chromium:537382
R=adamk,cira
LOG=Y
Review URL: https://codereview.chromium.org/1501113002
Cr-Commit-Position: refs/heads/master@{#32669}
Error still to be done, since that's not yet available in the bootstrapper.
BUG=v8:3900, v8:3931, v8:1543, v8:3330
LOG=n
Review URL: https://codereview.chromium.org/1499923002
Cr-Commit-Position: refs/heads/master@{#32662}
This patch improves escape analysis and fixes bugs
triggered by clusterfuzz. Impovements include:
* Handling of LoadElement/StoreElement if index is a
constant
* Handling of JSStoreProperty: invalidate all information,
as the store could have altered any field.
* Treat phis that use an allocation as escaping
* Improve resolution of replacements
R=mstarzinger@chromium.org
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1499143002
Cr-Commit-Position: refs/heads/master@{#32656}
The new operator provides a second output which indicates whether the
conversion from float64 to int64 was successful or not. The second
output returns 0 if the conversion fails. If the conversion succeeds,
then the second output is differs from 0.
The second output can be ignored, which means that the operator can be
used the same way as the original operator.
I implemented the new operator on x64 and arm64. @v8-mips-ports and
@v8-ppc-ports, can you please take care of the mips64 and ppc64
implementation of the second output?
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1495213003
Cr-Commit-Position: refs/heads/master@{#32653}
- Add JSReceiver::SetIntegrityLevel, with a fast path for regular objects.
- Make Object.{freeze,seal} call this via %Object{Freeze,Seal}, thus no longer
using broken or deprecated functions from v8natives.js.
- Add JSReceiver::OwnPropertyKeys convenience function.
- Reenable harmony/proxies-hash.js test.
R=rossberg
BUG=v8:1543
LOG=N
Review URL: https://codereview.chromium.org/1489423002
Cr-Commit-Position: refs/heads/master@{#32651}
The backing store is only held alive indirectly via the array buffer
referenced by the holder (typed array), so it's not enough to keep the
elements alive (or even just the external pointer loaded from the
elements).
R=mstarzinger@chromium.org,bmeurer@chromium.org
LOG=n
BUG=v8:1827
Review URL: https://codereview.chromium.org/1493983004
Cr-Commit-Position: refs/heads/master@{#32644}
The test expectations should fail consistently in both release and debug
builds. DCHECK is only meant for debug-only checks in production code.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1506753002
Cr-Commit-Position: refs/heads/master@{#32639}
Reason for revert:
[Sheriff] Breaks layout tests:
https://build.chromium.org/p/client.v8.fyi/builders/V8-Blink%20Linux%2064/builds/3266
Please request rebase upstream first.
Original issue's description:
> Clean up promises and fix an edge case bug
>
> This patch builds on previous Promise spec compliance work by
> cleaning out some old code which existed to support
> Promise.prototype.chain, rephrasing some code to correspond more
> closely to the specification, and removing some incorrect brand
> checking. A test is added for a bug in an edge case which was fixed.
>
> R=rossberg
> BUG=v8:3641
> LOG=Y
>
> Committed: https://crrev.com/1deb89c8fd3cb69714ae0a24e3b5a4e78f6b73b4
> Cr-Commit-Position: refs/heads/master@{#32627}
TBR=rossberg@chromium.org,caitpotter88@gmail.com,littledan@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=v8:3641
Review URL: https://codereview.chromium.org/1501763004
Cr-Commit-Position: refs/heads/master@{#32629}
This patch builds on previous Promise spec compliance work by
cleaning out some old code which existed to support
Promise.prototype.chain, rephrasing some code to correspond more
closely to the specification, and removing some incorrect brand
checking. A test is added for a bug in an edge case which was fixed.
R=rossberg
BUG=v8:3641
LOG=Y
Review URL: https://codereview.chromium.org/1488783002
Cr-Commit-Position: refs/heads/master@{#32627}
Attempt #<really big number>
Parses, and lazily rewrites Destructuring Assignment expressions. The rewriting strategy involves inserting a placeholder RewritableAssignmentExpression into the AST, whose content expression can be completely rewritten at a later time.
Lazy rewriting ensures that errors do not occur due to eagerly rewriting nodes which form part of a binding pattern, thus breaking the meaning of the pattern --- or by eagerly rewriting ambiguous constructs that are not immediately known
BUG=v8:811
LOG=Y
R=adamk@chromium.org, bmeurer@chromium.org, rossberg@chromium.org
Review URL: https://codereview.chromium.org/1309813007
Cr-Commit-Position: refs/heads/master@{#32623}
Having beefed up GetKeys() to support everything, use it for everything now.
This fixes Object.getOwnPropertyNames and Object.getOwnPropertySymbols for
Proxies, and gets rid of a bunch of code duplication.
BUG=v8:1543
LOG=n
Review URL: https://codereview.chromium.org/1498593006
Cr-Commit-Position: refs/heads/master@{#32620}
Fixing warnings which cause compilation to fail when compiling
using CLANG for MIPS
BUG=
Review URL: https://codereview.chromium.org/1493793002
Cr-Commit-Position: refs/heads/master@{#32619}
For now, we revoke a proxy by setting its handler to null (as in the spec).
Change the "target" field from Object to JSReceiver as there's no point in
allowing more.
R=jkummerow@chromium.org, rossberg
BUG=v8:1543
LOG=n
Review URL: https://codereview.chromium.org/1496243003
Cr-Commit-Position: refs/heads/master@{#32608}
Reason for revert:
Blocks the roll:
https://codereview.chromium.org/1497763004/
Original issue's description:
> [es6] Correctify and unify ArrayBuffer and SharedArrayBuffer constructors.
>
> The ArrayBuffer and SharedArrayBuffer constructors should raise an
> exception when called with no arguments or undefined length. Also
> unified the ArrayBuffer and SharedArrayBuffer implementations as C++
> builtins, and removed some (now) obsolete runtime entries.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/3235ccbb7826ceec2188f6ebab98fc851b54f60e
> Cr-Commit-Position: refs/heads/master@{#32590}
TBR=yangguo@chromium.org,cbruni@chromium.org,adamk@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1501673002
Cr-Commit-Position: refs/heads/master@{#32606}
Reason for revert:
Seems to be (mostly) responsible for the most recent Speedometer regression, not 100% sure. Let's see what the bots have to say.
Original issue's description:
> Provide call counts for constructor calls, surface them as a vector IC.
>
> CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub.
>
> BUG=
>
> Committed: https://crrev.com/66d5a9df62da458a51e8c7ed1811dc9660f4f418
> Cr-Commit-Position: refs/heads/master@{#32452}
TBR=mvstanton@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1489413006
Cr-Commit-Position: refs/heads/master@{#32599}
The ArrayBuffer and SharedArrayBuffer constructors should raise an
exception when called with no arguments or undefined length. Also
unified the ArrayBuffer and SharedArrayBuffer implementations as C++
builtins, and removed some (now) obsolete runtime entries.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1500543002
Cr-Commit-Position: refs/heads/master@{#32590}
Fix several operations in the parser that rewrite constant expressions
to preserve knowledge regarding whether a value originally contained a ".".
This information is required to accurately validate Asm.js typing.
Making the assumption that if either side of a binary operation contains
a dot, that the rewritten expression should be treated as a double for
Asm.js purposes. This is a slight deviation from the spec (which
would forbid mix type operations).
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator, test-parsing
R=titzer@chromium.org,marja@chromium.org,aseemgarg@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1492123002
Cr-Commit-Position: refs/heads/master@{#32581}
I added a flag to the CallDescriptor which indicates that the native
stack should be used for a CallObject instead of the js stack on arm64.
Additionally I removed the use of EmitPrepareArguments because the
current implementation does not work when float and int parameters are
mixed. I plan to fix it in a future CL, because currently I have a
problem figuring out the type of a parameter.
R=titzer@chromium.org, v8-arm-ports@googlegroups.com
Review URL: https://codereview.chromium.org/1494123002
Cr-Commit-Position: refs/heads/master@{#32577}
Extract ToBoolean hints from the fullcodegen code object and put them
into the ToBoolean nodes created by the AstGraphBuilder. We currently
do not yet consume this feedback, that will be done in a followup CL.
R=mstarzinger@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1494973002
Cr-Commit-Position: refs/heads/master@{#32576}
This moves the proper handling for the end node withing the constructed
graph into the RawMachineAssembler. This simplifies all assemblers and
makes the handling of {Start} and {End} symmetrical.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1493963003
Cr-Commit-Position: refs/heads/master@{#32563}
Adds implementation and tests for Inc and Dec to bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1499593002
Cr-Commit-Position: refs/heads/master@{#32562}
This passes the new.target value in a register instead of through a
side-channel via the construct stub. Note that this marks the last
consumer of said side-channel and the special slot in the construct
stub frame can be removed as a follow-up.
R=bmeurer@chromium.org,yangguo@chromium.org
TEST=mjsunit/es6/regress/regress-new-target-context
Review URL: https://codereview.chromium.org/1492793002
Cr-Commit-Position: refs/heads/master@{#32548}
It didn't support subclassing case at all and in non-subclassing case the runtime
allocation didn't do the slack tracking step.
BUG=chromium:563339
LOG=Y
Review URL: https://codereview.chromium.org/1488023002
Cr-Commit-Position: refs/heads/master@{#32547}
These bits were relevant back when we had nested lexical modules, but
I don't think they'll be of any use for ES2015 modules.
Review URL: https://codereview.chromium.org/1485053002
Cr-Commit-Position: refs/heads/master@{#32534}
This hackily disambiguates multiple calls for the iterator protocols in ForOf / Yield* by adding -2 / -1 to the pos.
BUG=v8:3953
LOG=y
Review URL: https://codereview.chromium.org/1491923003
Cr-Commit-Position: refs/heads/master@{#32527}
Split out of PropertyAttributes, and used for all filtering purposes.
Also moved PropertyAttributes into the v8::internal:: namespace.
No change in behavior intended.
Review URL: https://codereview.chromium.org/1492653004
Cr-Commit-Position: refs/heads/master@{#32525}
Also remove the ResultMode from ToBooleanStub and always return true or
false and use the same mechanism in fullcodegen. This is in preparation
for adding ToBoolean hints to TurboFan.
Drive-by-fix: We can use the power of the ToBooleanIC in TurboFan now
that the ResultMode is gone (and the runtime always returns true or
false from the miss handler).
R=mstarzinger@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1491223002
Cr-Commit-Position: refs/heads/master@{#32524}
We can constant fold %_IsJSReceiver(x) based on whether x is always a
receiver or can never be a receiver. This is important as
%_IsJSReceiver is inserted by the JSInliner.
R=jarin@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1486383003
Cr-Commit-Position: refs/heads/master@{#32519}
* Add a sibling interface to InterpreterAssembler called
CodeStubAssembler which provides a wrapper around the
RawMachineAssembler and is intented to make it easy to build
efficient cross-platform code stubs. Much of the implementation
of CodeStubAssembler is shamelessly stolen from the
InterpreterAssembler, and the idea is to eventually merge the
two interfaces somehow, probably moving the
InterpreterAssembler interface over to use the
CodeStubAssembler. Short-term, however, the two interfaces
shall remain decoupled to increase our velocity developing the
two systems in parallel.
* Implement the StringLength stub in TurboFan with the new
CodeStubAssembler. Replace and remove the old Hydrogen-stub
version.
* Remove a whole slew of machinery to support JavaScript-style
code stub generation, since it ultimately proved unwieldy,
brittle and baroque. This cleanup includes removing the shared
code stub context, several example stubs and a tangle of build
file changes.
BUG=v8:4587
LOG=n
Review URL: https://codereview.chromium.org/1475953002
Cr-Commit-Position: refs/heads/master@{#32508}
MIPS R6 introduced new behavior for handling of NaN values
for TRUNC, FLOOR, CEIL and CVT instructions. Adding support for
the new behavior in MIPS and MIPS64 simulators. Fixing tests
for MIPS and MIPS64 to align them with the new behavior.
BUG=
Review URL: https://codereview.chromium.org/1488613007
Cr-Commit-Position: refs/heads/master@{#32499}
This is the first part of escape analysis for turbofan.
At the moment, there is no deopt support, and support
for loops is partial (only binary Phis are handled).
The CL includes 4 unittests.
There are also 8 new mjsunit tests, some of which are
skiped as they require features not yet implemented.
BUG=v8:4586
LOG=n
Review URL: https://codereview.chromium.org/1457683003
Cr-Commit-Position: refs/heads/master@{#32498}
non-constructors are not allowed to have initial maps. The optimizing compilers used to add initial maps unconditionally to functions used as right-hand-side in instanceof.
BUG=
Review URL: https://codereview.chromium.org/1490003003
Cr-Commit-Position: refs/heads/master@{#32497}
Sanitize ConstructStub handling and add a test case to ensure that the
Symbol constructor is using the correct context.
R=jarin@chromium.org
BUG=v8:4413
LOG=n
Review URL: https://codereview.chromium.org/1489323002
Cr-Commit-Position: refs/heads/master@{#32491}
We currently use the outdated contexts list provided by the serializer
to update the receiver (the global proxy) in script contexts. However,
this is not actually necessary, since the global proxy is passed to the
deserializer and replaced as we deserialize.
Originally, the outdated contexts list is to update the global object
field in contexts. This was necessary since at the time the deserializer
creates the native context, the global object has not yet been created.
But the global proxy already exists.
R=bmeurer@chromium.org
Review URL: https://codereview.chromium.org/1488873004
Cr-Commit-Position: refs/heads/master@{#32483}
Xori instruction can only have unisgned 16-bit immediates for right input,
as such it is not suitable for bit negation on mips.
TEST=unittests/InstructionSecetorTest.Word(32|64)XorMinusOneWithParameter
BUG=
Review URL: https://codereview.chromium.org/1485833003
Cr-Commit-Position: refs/heads/master@{#32478}
This becomes visible if an exception is thrown by the constructor.
We do this on "new Array(3.5)", throwing a RangeError.
BUG=
Review URL: https://codereview.chromium.org/1483053004
Cr-Commit-Position: refs/heads/master@{#32476}
Object.prototype.hasOwnProperty should use JSReceiver::HasOwnProperty for
proxies.
BUG=v8:1543
LOG=N
Review URL: https://codereview.chromium.org/1480213004
Cr-Commit-Position: refs/heads/master@{#32475}
This moves the bailout for functions containing new.target variable to
the correct place so that Crankshaft doesn't accidentally inline such
functions, yielding an "undefined" new.target value all the time.
R=bmeurer@chromium.org
TEST=mjsunit/es6/regress/regress-inlined-new-target
Review URL: https://codereview.chromium.org/1484163003
Cr-Commit-Position: refs/heads/master@{#32468}
CallIC and CallConstructStub look so alike, at least in the feedback they gather even if the implementation differs...and CallIC has such a nice way of surfacing the feedback (CallICNexus), that there is a request to make CallConstructStub look analogous. Enter ConstructICStub.
BUG=
Review URL: https://codereview.chromium.org/1476413003
Cr-Commit-Position: refs/heads/master@{#32452}
This switches all remaining builtin methods to use the ES6 new.target
value when determined whether being called as a constructor or not. This
is prepatory work for fully deprecating the aforementioned intrinsic.
R=rossberg@chromium.org
Review URL: https://codereview.chromium.org/1474343002
Cr-Commit-Position: refs/heads/master@{#32447}
This is the initial support for binary operation hints on javascript
binary operators, i.e. JSAdd, JSSubtract and so on. The hints are
extracted from the fullcodegen code object before graph building and the
AstGraphBuilder puts those hints on the operators if available.
R=jarin@chromium.org
BUG=v8:4583
LOG=n
Review URL: https://codereview.chromium.org/1487973002
Cr-Commit-Position: refs/heads/master@{#32443}
SIMD.js potentially adds to the standard library passed into
asm.js modules. Splitting off the point where the SIMD object
would be referenced to allow work on SIMD typing to occur orthogonally.
Adding VariableInfo to allow tracking of simd constructors / check functions. Using this for fround.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N
Looking at simd.js
Review URL: https://codereview.chromium.org/1473513004
Cr-Commit-Position: refs/heads/master@{#32431}
This fixes a corner-case in redeclaration handling, where the ES2015
early error case got mixed up with legacy const handling in the parser.
Redeclaration using ES2015 'let' and 'const' should be early errors,
but legacy 'const' redeclaration has historically been a runtime error,
and should stay that way until legacy 'const' is gone.
The fix here is uglier than it might be due to
https://code.google.com/p/v8/issues/detail?id=4577, which keeps us
from simplifying the mess of if/else-if in the current code.
BUG=v8:4576
LOG=n
Review URL: https://codereview.chromium.org/1485943002
Cr-Commit-Position: refs/heads/master@{#32429}
Shifts of integer values are in some contexts collapsed by the parser into single literal AST nodes, rather than a direct representation of the parse tree. Confirming this behavior in tests.
Integer TypedArrays are assumed to load and store "intish" values rather than more fine-grained type information. Reducing the precision of the typing information to match the spec and simplify the wasm generator.
The asm spec requires load and store values of various "float?", "floatish", "double?" and "intish" types to ensure undefined values are not visible and that float32 rounding occurs at the right time. More closely matching this.
Adding additional testing around unsigned / signed comparisons, loads and stores.
Adding addition debug mode printing when asserting about types fail.
BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=test-asm-validator, wasm side tests
R=titzer@chromium.org,aseemgarg@chromium.org
LOG=N
Review URL: https://codereview.chromium.org/1471073003
Cr-Commit-Position: refs/heads/master@{#32419}
an optomization to remove redundant cast operations.
1. Adds an optimization to remove redundant ToBoolean and ToName operations.
2. Adds implementation and tests for cast operatorts to bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1468003002
Cr-Commit-Position: refs/heads/master@{#32408}
Adds support and tests for throw to bytecode graph builder.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1481763002
Cr-Commit-Position: refs/heads/master@{#32399}
Add initial support to optimize certain "prototype" loads from known
JSFunctions which have a prototype. This includes an appropriate typing
rule plus a matching rule for typed lowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1482213002
Cr-Commit-Position: refs/heads/master@{#32390}
Both are integrated into JSReceiver::GetKeys().
For now, the implementation ignores Symbol/DONT_ENUM filtering.
BUG=v8:1543
LOG=n
Review URL: https://codereview.chromium.org/1474083003
Cr-Commit-Position: refs/heads/master@{#32384}
This makes sure that proxy + Function/Array works
Makes sure that new.target can be a generator
Makes sure that if new.target is not a subclass, but does not have a prototype, that we'll get that same prototype back the next time we look at new.target.prototype.
BUG=v8:1543, v8:3330, v8:3931
LOG=n
Review URL: https://codereview.chromium.org/1484473002
Cr-Commit-Position: refs/heads/master@{#32382}
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
CQ_INCLUDE_TRYBOTS=tryserver.v8:v8_linux_nosnap_rel
R=yangguo@chromium.org,mstarzinger@chromium.org
Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
Cr-Commit-Position: refs/heads/master@{#32375}
Review URL: https://codereview.chromium.org/1480003002
Cr-Commit-Position: refs/heads/master@{#32381}
The TruncateFloat32ToUint64 operator converts a float32 to an uint64 using
round-to-zero rounding mode. If the input value is outside uint64 range, then
the result depends on the architecture. I provide an implementation for x64 and
arm64.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1479713003
Cr-Commit-Position: refs/heads/master@{#32379}
Reason for revert:
[Sheriff] Breaks:
https://build.chromium.org/p/client.v8/builders/V8%20Linux%20-%20nosnap/builds/5472
Original issue's description:
> [runtime] Replace global object link with native context link in all contexts.
>
> Previously all contexts had a link to the global object, but what is
> required in most cases (except for the global load, store and delete
> case) is the native context.
>
> This also removes the second dummy global object that was still linked
> to every native context. We will add a different mechanism to ensure
> that builtins do not pollute the actual global object during
> bootstrapping.
>
> Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
>
> R=yangguo@chromium.org
>
> Committed: https://crrev.com/d290f204938295bfecc5c8e645ccfcff6e80ddb8
> Cr-Commit-Position: refs/heads/master@{#32375}
TBR=yangguo@chromium.org,mstarzinger@chromium.org,bmeurer@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1478303002
Cr-Commit-Position: refs/heads/master@{#32377}
Previously all contexts had a link to the global object, but what is
required in most cases (except for the global load, store and delete
case) is the native context.
This also removes the second dummy global object that was still linked
to every native context. We will add a different mechanism to ensure
that builtins do not pollute the actual global object during
bootstrapping.
Drive-by-fix: Unify some MacroAssembler magic and drop obsolete stuff.
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1480003002
Cr-Commit-Position: refs/heads/master@{#32375}
This replaces internal GetConstructorName with toStringTag, .constructor's name
and class_name. This entirely changes how the name is computed for use in
devtools.
BUG=chromium:529177
LOG=n
Review URL: https://codereview.chromium.org/1435273002
Cr-Commit-Position: refs/heads/master@{#32374}
This will allow moving the test outcome check beyond the
multi-process boundary in a follow up. It'll allow wrapping
more complex test jobs like predicable mode on the multi-
process side, which will make the code easier to maintain.
BUG=
Review URL: https://codereview.chromium.org/1469833002
Cr-Commit-Position: refs/heads/master@{#32373}
Moves all files related to AST and scopes into ast/,
and all files related to scanner & parser to parsing/.
Also eliminates a couple of spurious dependencies.
R=mstarzinger@chromium.org
BUG=
Review URL: https://codereview.chromium.org/1481613002
Cr-Commit-Position: refs/heads/master@{#32351}
Decouple the implicit ToObject for with statements from the actual
creation of the with context. This way we can handle/optimize those
constructs separately.
R=mstarzinger@chromium.org
Review URL: https://codereview.chromium.org/1481753003
Cr-Commit-Position: refs/heads/master@{#32341}
The fast-prototype test has been outsmarted by constructor inlining
because the instantiation is been correctly optimized away. Internal
state introspection about prototype turning fast was upset by that.
R=bmeurer@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1474763007
Cr-Commit-Position: refs/heads/master@{#32338}
Up until now we sometimes pass Smi 0 around as closure and expect the
runtime to translate that appropriately. But we need to be careful in
some places to not confuse the Smi 0 with a real closure. However, we
could instead just pass the correct closure extracted from the native
context.
This addresses three long-standing TODOs in the JSTypedLowering pass.
Drive-by-fix: Further unify error message reporting for ToObject (we had
a special message in case of ToObject error in with context creation).
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1475383002
Cr-Commit-Position: refs/heads/master@{#32336}
Removing bytecode graph builder tests as they are high maintenance and
have limited use, ie they track changes in the implementation rather
than behaviour.
BUG=v8:4280
LOG=N
Review URL: https://codereview.chromium.org/1477783003
Cr-Commit-Position: refs/heads/master@{#32333}
For a * b with only truncated word32 uses (or result known to be in
signed32 range), we can use Int32Mul if we know for sure that the
intermediate result is inside the safe integer range, and a and b are
in signed32 range.
Drive-by-fix: Also use TypeCache in SimplifiedLowering.
R=jarin@chromium.org
Review URL: https://codereview.chromium.org/1478953002
Cr-Commit-Position: refs/heads/master@{#32330}
Reason for revert:
Unexpected error occurred.
Original issue's description:
> [turbofan] Implemented the TruncateFloat32ToInt64 TurboFan operator.
>
> The TruncateFloat32ToInt64 operator converts a float32 to an int64 using
> the round-to-zero rounding mode (truncate). If the input value is
> outside the int64 range, then the result depends on the architecture. I
> implemented the operator on x64, arm64, and mips64.
>
> R=titzer@chromium.org, jacob.bramley@arm.com
>
> Committed: https://crrev.com/1df1066c3c77464d2a68d7c8d501a5a0f3ad195a
> Cr-Commit-Position: refs/heads/master@{#32315}
TBR=jacob.bramley@arm.com,titzer@chromium.org,v8-mips-ports@googlegroups.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
Review URL: https://codereview.chromium.org/1475343002
Cr-Commit-Position: refs/heads/master@{#32316}
The TruncateFloat32ToInt64 operator converts a float32 to an int64 using
the round-to-zero rounding mode (truncate). If the input value is
outside the int64 range, then the result depends on the architecture. I
implemented the operator on x64, arm64, and mips64.
R=titzer@chromium.org, jacob.bramley@arm.com
Review URL: https://codereview.chromium.org/1476063002
Cr-Commit-Position: refs/heads/master@{#32315}
Reason for revert:
This is also unsound for the reasons outlined in
https://codereview.chromium.org/1473073004/
Will reland the mjsunit test separately and help Fedor to implement a solution based on simplified operators.
Original issue's description:
> [machine-operator-reducer] fix float truncation
>
> Don't replace `TruncateFloat64ToInt32(RoundInt64ToFloat64(value))` with
> `value`. Generally, `value` may have a range bigger than the one that
> could fit into Int32. Replace it with `TruncateInt64ToInt32(value)`
> instead, and only if the `value` fits into Float64 without precision
> loss.
>
> Add missing mjsunit test for 52bit multiplication/division optimization
> that has landed in refs/heads/master@{#31899}.
>
> BUG=
> R=titzer@google.com
>
> Committed: https://crrev.com/64efa2a904773816968992628f0bf0f1b7ae82be
> Cr-Commit-Position: refs/heads/master@{#32227}
TBR=titzer@chromium.org,fedor@indutny.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1468313009
Cr-Commit-Position: refs/heads/master@{#32312}
Reason for revert:
Unsound use of types in the MachineOperatorReducer. Will work on a sound solution with Fedor.
Original issue's description:
> [compiler] merge binary-operator-reducer
>
> Merge BinaryOperatorReducer into the MachineOperatorReducer class.
> It does not need `Revisit()` calls, because the newly inserted nodes are
> visited anyway, and there are no other methods that need AdvancedReducer
> there.
>
> BUG=
> R=titzer@chromium.org
>
> Committed: https://crrev.com/993ba9d2529a6401b3040b9263f8d06db7dbb4f1
> Cr-Commit-Position: refs/heads/master@{#32298}
TBR=titzer@chromium.org,fedor@indutny.com
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=
Review URL: https://codereview.chromium.org/1476763006
Cr-Commit-Position: refs/heads/master@{#32310}
The Float32RoundTiesEven operator rounds float32 numbers towards the nearest
integer. If the distance to two integers is the same, then the result is
the even integer. This is the default rounding mode of the ieee 754 floating
point standard.
I implemented the optional Float32RoundTiesEven operator on x64, ia32, arm, and arm64.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1477753002
Cr-Commit-Position: refs/heads/master@{#32308}
This will make sure that message tests cover both the parser and preparser
paths, just as we do for parsing-related cctests.
BUG=v8:4372
LOG=n
Review URL: https://codereview.chromium.org/1469383004
Cr-Commit-Position: refs/heads/master@{#32307}
Also fix CheckConflictingVarDeclarations() to properly handle
legacy const bindings. Without that change enabling the flag
causes code like:
function f() { const x; var x; }
to throw an early error, rather than wait to throw the error
until f is invoked.
The previous patch ran into problems with the fuzzer; that crash was fixed
(with test coverage added) in https://crrev.com/ceb92ebfdfb561d71038793c02b42aa973f55ec4
BUG=v8:811
LOG=y
TBR=rossberg@chromium.org
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_chromium_rel_ng;tryserver.blink:linux_blink_rel
Review URL: https://codereview.chromium.org/1473243006
Cr-Commit-Position: refs/heads/master@{#32306}
In this new version of test262, a number of known failing tests have
been changed to match the ES2016 semantics, which V8 implements.
R=adamk
Review URL: https://codereview.chromium.org/1475793004
Cr-Commit-Position: refs/heads/master@{#32303}
The Float32RoundTruncate operator rounds float32 numbers towards zero.
The operator is currently implemented on x64, ia32, arm, and arm64.
Additionally I added support for the float32 vrintz, vrintn, and vrinta
instructions to the arm simulator.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1468303005
Cr-Commit-Position: refs/heads/master@{#32301}
Merge BinaryOperatorReducer into the MachineOperatorReducer class.
It does not need `Revisit()` calls, because the newly inserted nodes are
visited anyway, and there are no other methods that need AdvancedReducer
there.
BUG=
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1473073004
Cr-Commit-Position: refs/heads/master@{#32298}
ES6 section 12.2.8.1 states that flags for regular expression literals
must be checked during parsing and invalid flags are early errors. This
change adapts the Scanner and (Pre)Parser to act according to the spec.
This is also a prerequisite to unify the handling of literal creation
(for Objects, Arrays, Regexps, and at some point Classes).
R=yangguo@chromium.org
Review URL: https://codereview.chromium.org/1472323002
Cr-Commit-Position: refs/heads/master@{#32273}
This passes the new.target value in a register instead of through a
side-channel via the construct stub. The interpreter entry trampoline
stores this value in a bytecode register so that it can be accessed
directly by the interpreter. The size of the interpreter stack frame
hence grows by one slot.
R=oth@chromium.org
BUG=v8:4544
LOG=n
Review URL: https://codereview.chromium.org/1469313002
Cr-Commit-Position: refs/heads/master@{#32264}
The Float32RoundUp operator rounds float32 numbers towards infinity.
The operator is currently implemented on x64, ia32, arm, and arm64.
R=titzer@chromium.org
Review URL: https://codereview.chromium.org/1474963002
Cr-Commit-Position: refs/heads/master@{#32262}
This is the initial step towards refactoring the regexp literation
creation code to make it less obscure and more similar to the mechanism
we use to create array and object literals. There's now a new runtime
entry %CreateRegExpLiteral with the same interface as the entries for
array and object literals, except that we still pass the flags as
string.
Instead of embedding the hand written native to clone JSRegExp instances
we now have a FastCloneRegExpStub, which behaves similar to the other
FastCloneShallowArrayStub and FastCloneShallowObjectStub that we already
had.
R=mlippautz@chromium.org, yangguo@chromium.org
Review URL: https://codereview.chromium.org/1475823003
Cr-Commit-Position: refs/heads/master@{#32255}
This change replaces the bitwise masking of uses by storing the most general truncation for all uses.
Review URL: https://codereview.chromium.org/1464763003
Cr-Commit-Position: refs/heads/master@{#32248}
The first bug was that there are two different "initialization positions"
passed into PatternRewriter::DeclareAndInitializeVariables, and we weren't
setting them all properly for this case.
After further code review, it became clear that we weren't even recording
the correct position (the end of the initializer expression).
The combination of those two bugs caused the hole check elimination code
in full-codegen to skip emitting a hole check.
This patch takes care of both of those things. A follow-up will try
to reduce the number of "initializer positions" we track in the
variable declaration code.
R=littledan@chromium.org
BUG=v8:4568
LOG=n
Review URL: https://codereview.chromium.org/1468143004
Cr-Commit-Position: refs/heads/master@{#32237}
